[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tlsdate/master] Restrict loggable date fields even harder.
commit cc1fde04ad35d4df138390e04e981a04ff34073e
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon Oct 14 11:30:00 2013 -0400
Restrict loggable date fields even harder.
---
src/tlsdate-helper.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index 7813158..311d374 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c
@@ -222,7 +222,7 @@ sanitize_string(const char *s)
{
const unsigned char *cp;
for (cp = (const unsigned char *)s; *cp; cp++) {
- if (*cp < 32 || *cp > 127)
+ if (*cp < 32 || *cp >= 127)
return "string with invalid characters";
}
return s;
@@ -254,6 +254,10 @@ handle_date_line(const char *dateline, uint32_t *result)
return 0;
dateline += 8;
+ if (strlen(dateline) > MAX_DATE_LINE_LEN) {
+ verb("V: The date line was impossibly long.\n");
+ return -1;
+ }
verb("V: The alleged date is <%s>\n", sanitize_string(dateline));
while (*dateline == ' ')
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits